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DETAILED ACTION 

This action is responsive to the amendment filed on December 7, 2004. Claims 1-35 are 
pending. Claims 1-35 represent a method for verifying the security of an applet connecting to a 
network server. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1(2) of such treaty in the English language. 

Claims 1-14, 16-31, and 33-35 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Touboul US Patent No. 6,092,194. Toubol discloses the invention as claimed including a 
system to protect a computer from suspicious Downloadables (see abstract). 

As per claims 1, 16, 33, 34, and 35 Touboul discloses a method, a system, a computer 
data signal including a program code, a method from the client and a system with means of 
creating a network connection between an applet executing on a client computer and a content 
server computer, the method comprising: 

determining a home site name for the applet, the home site name corresponding to a host 
name of a computer from which the applet was downloaded to the client computer (determining 
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an ID including the original site of download; column 1, lines 36-57; column 2, lines 1-20; 
column 4, lines 41-45; column 5, lines 14-27); 

checking for the presence of a hostname entry in a name directory on the content server 
computer, the hostname entry corresponding to the home site name for the applet (checking to 
see if ID is one of allowable Ids; column 6, lines 38-41) 

permitting the applet to create a network connection with the content server computer if 
the hostname entry was present; and denying permission for the applet to create a network 
connection with the content server computer if the hostname entry was not present (allowing or 
denying connection based on ID; column 4, lines 41-61; column 5, lines 24-29column 6, lines 
41-51; column 7, lines 60-67; column 8, lines 1-6). 

As per claims 2 and 17, Toubol discloses the method and system of claims 1 and 16, 
wherein checking for the presence of a hostname entry in a name directory on the content server 
computer comprises: 

generating a Uniform Resource Locator for the hostname entry on the content server 
computer (gerenating a ID including a URL; column 4, lines 41-61); and 

sending an HTTP request using the Uniform Resource Locator to the content server 
computer to determine whether the hostname entry is present in the name directory on the 
content server computer (sending he ID Toubol discloses to a Directory; column 4, lines 62-67; 
column 5, lines 1-15). 
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As per claims 3 and 19, Toubol discloses the method and system of claims 2 and 17, 
wherein generating a Uniform Resource Locator comprises combining a host name of the 
content server computer, a path name of the name directory and a name of the hostname entry 
(URL includes userED, intended recipient; column 4, lines 41-61). 

As per claims 4 and 18, Toubol discloses the method and system of claims 2 and 17, 
wherein sending an HTTP request using the Uniform Resource Locator comprises sending an 
HTTP HEAD-request using the Uniform Resource Locator to the content server computer to 
determine whether the hostname entry is present in the name directory on the content server 
computer (column 5, lines 17-29). 

As per claims 5 and 20, Toubol discloses the method and system of claims 2 and 16, 
further comprising looking up an address of the content server (column 4, lines 41-43). 

As per claims 6 and 21, Toubol discloses the method and system of claims 5 and 20, 
wherein checking for the presence of a hostname entry in a name directory on the content server 
computer comprises using the address of the content server to check for the presence of the 
hostname entry, and wherein permitting the applet to create a network connection with the 
content server computer if the hostname entry was present comprises using the address of the 
content server to create the network connection with the content server (the allowing or denying 
of the connection is based on the Downloadable ID; column 4, lines 41-43, 61-67; column 5, 
lines 16-29). 
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As per claim 7, Toubol discloses the method of claim 1, wherein an execution engine 
executes the applet on the client computer, and wherein checking for the presence of a hostname 
entry in a name directory of the content server computer comprises using network restriction 
software in the execution engine to check for the presence of the hostname entry (column 3, lines 
41-67; column 4, lines 1-13). 

As per claims 8 and 25, Toubol discloses the method and system of claims 1 and 16, 
wherein checking for the presence of a hostname entry in a name directory on the content server 
computer comprises using a consistent path name for the name directory (column 4, lines 14-29). 

As per claims 9 and 26, Toubol discloses the method and system of claims 8 and 16, 
wherein checking for the presence of a hostname entry in a name directory on the content server 
computer comprises using an instruction from the applet on a path name for the name directory 
(column 4, lines 29-40; column 4, lines 49-61; column 5, lines 36-57). 

As per claims 10 and 27, Toubol discloses the method and system of claims 9 and 26, 
wherein using an instruction from the applet on a path name for the name directory comprises 
using a language construct to determine the path name for the name directory (column 4, lines 
29-40; column 4, lines 49-61). 
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As per claims 1 1 and 29, Toubol discloses the method and system of claims 1 and 16, 
further comprising using the hostname entry to determine types of network connections that are 
permitted between the applet and the content server computer (column 4, lines 62-67; column 5, 
lines 1-3). 

As per claims 12 and 28, Toubol discloses the method and system of claims 1 and 16, 
wherein checking for the presence of a hostname entry in a name directory on the content server 
computer comprises checking for the presence of a file in the name directory that has a file name 
identical to the home site name for the applet (column 4, lines 49-61; column 6, lines 38-55). 

As per claims 13 and 30, Toubol discloses the method and system of claims 1 and 16, the 
network restriction software further comprises the performing an address check (column 3, lines 
49-61; column 5, lines 24-29). 

As per claims 14 and 31, Toubol discloses the method of claim 13, wherein performing 
an address check comprises: 

determining an address list for the content server computer (column 4, lines 14-26); 
determining an address list for the computer from which the applet was downloaded 
(column 5, lines 16-29); and 

denying permission for the applet to create a network connection with the content server 
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computer if the address list for the content server computer is not a subset of the address list for 
the computer from which the applet was downloaded (column 4, lines 41-61 ; column 6, lines 41- 
51; column 7, lines 60-67; column 8, lines 1-10). 

As per claim 22, Toubol discloses the client computer system of claim 16, wherein the 
name directory comprises a directory in a file system of the content server computer (column 3, 
lines 42-67; column 4, lines 1-14). 

As per claim 23, Toubol discloses the client computer system of claim 22, wherein the 
hostname entry comprises an empty file in the name directory on the content server computer 
(column 3, lines 42-67; column 4, lines 1-14). 

As per claim 25, Toubol discloses the client computer system of claim 16, wherein the 
name directory comprises a file on the content server computer( column 3, lines 42-67; column 4, 
lines 1-14). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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Claims 15 and 32 rejected under 35 U.S.C. 103(a) as being unpatentable over Toubol US 
Patent No. 6,092,194 in view of Donaldson US Patent No. 6,321,267. Donaldson discloses the 
invention substantially as claimed including a method for filtering. 

Toubol discloses the method of claims and 30 13, wherein performing an address check 
comprises denying permission for the applet to create a network connection with the content 
server computer if the home site name for the applet is in a digital hash form, and an address 
specified by the digital hash form is not identical to an address for the content server computer 
(column 7, lines 46-59). Toubol does not expressly disclose "dotted quad". Donaldson discloses 
dotted quad. See column 17, lines 16-64; column 27, lines 63-67; column 28, lines 1-10. It 
would have been obvious to a person of ordinary skill in the art at the time of the invention to 
combine the dotted quad of Donaldson with the digital hash of Toubol. A person of ordinary 
skill in the art would have been motivated to do this to simplify the address lists in the database. 

Response to Arguments 

Applicant's arguments filed December 7, 2002 have been fully considered but they are 
not persuasive. 

As per the independent claims 1, 16 and 33-35, applicant argues that the downloadable 
does not execute during performance and therefore cannot make a network connection. In 
response to applicant's arguments, the recitation that the applet is not executing has not been 
given patentable weight because the recitation occurs in the preamble. A preamble is generally 
not accorded any patentable weight where it merely recites the purpose of a process or the 
intended use of a structure, and where the body of the claim does not depend on the preamble for 
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completeness but, instead, the process steps or structural limitations are able to stand alone. See 
InreHirao, 535 F.2d 67, 190USPQ 15 (CCPA 1976) m\<\ Kropa v. Robie, 187F.2d 150, 152, 
88 USPQ 478, 481 (CCPA 1951). 

The reference Toubol, however, does teach that the Downloadable, which includes 
applets, is an executable application program. Toubol also teaches that the applet is either 
permitted or denied connection with the content server based on the contents of the executable 
portion of the code. If the hostname is in the code, then the applet is permitted to run on the 
client. If the applet is requesting anything suspicious, the connection is blocked. See column 6, 
lines 49-60. 

As per claims 2 and 17, applicant argues that Toubol does not disclose that the 
Downloadable ID includes the URL from which it came. In response, Toubol discloses the URL 
of the source of the Downloadable, which is where the Downloadable came from. See column 6, 
lines 38-45. 

As per claims 3 and 19, applicant argues that Toubol does not teach a URL combing a 
host name of the content server computer, a path name of the name directory and name of the 
hostname entry. Toubol teaches checking what the applet what server the applet will connect to, 
which is the hostname of the content server. It is also well known in the art that a URL contains, 
according to its definition, a hostname, and a pathname. See column 5, lines 36-57. 

As per claims 14 and 31, applicant argues that Toubol fails to discuss the subsets of he 
claims. Toubol also teaches that the applet is either permitted or denied connection with the 
content server based on the contents of the executable portion of the code. If the hostname is in 
the code, then the applet is permitted to run on the client. The source address and the address to 
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which the applet is connecting to is all checked. 
60. 
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See column 5, line s37-57; column 6, lines 38- 



Conclusion 

THIS ACTION IS MADE FINAL, Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Uzma Alam whose telephone number is (571) 272-3995. The 
examiner can normally be reached on Monday-Tuesday 1 1 :30am-8pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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